Merge ask_exec: Stop checking for CMD_nx (named exec)

... because it gets translated to CMD_px or CMD_cx earlier in the function. Also add a safety check for unknown answers. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1072 Approved-by: John Johansen <john@jjmx.net> Merged-by: John Johansen <john@jjmx.net>
2025-08-29 13:28:19 +00:00 · 2023-07-19 21:17:35 +00:00 · 2023-07-19 21:17:35 +00:00 · 17a521ff50
commit 17a521ff50
parent 853b138537 f1ab009a09
1 changed files with 3 additions and 1 deletions
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@ -1031,7 +1031,7 @@ def ask_exec(hashlog):
                        if target_profile and hashlog[aamode].get(target_profile):
                            hashlog[aamode][target_profile]['final_name'] = profile

-                    elif re.search('^CMD_(px|nx|pix|nix)', ans):
+                    elif ans.startswith('CMD_px') or ans.startswith('CMD_pix'):
                        if to_name:
                            exec_target = to_name

@ -1087,6 +1087,8 @@ def ask_exec(hashlog):
                    elif ans.startswith('CMD_ux'):
                        continue

+                    else:
+                        raise AppArmorBug('Unhandled ans %s, please open a bugreport!' % ans)

 def order_globs(globs, original_path):
    """Returns the globs in sorted order, more specific behind"""